[nsp-sec] Multiple DDoS attacks
Dave Mitchell
davem at yahoo-inc.com
Wed Jul 8 16:25:16 EDT 2009
Those are the same ones we got yesterday. Sorry for the dupe. Will send
out a bot list shortly of those UA's from yesterday and monday.
-d
On Wed, Jul 08, 2009 at 01:10:56PM -0700, Dave Mitchell wrote:
> Just got some new info from Alex @ fireeye from his sandbox. Here are
> some updated user-agents.
>
> Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR
> 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
> Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6;
> .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20)
> Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
> Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; MAXTHON
> 2.0)
> Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6;
> .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
>
>
> -dave
>
>
> On Wed, Jul 08, 2009 at 11:14:09AM -0500, Rob Thomas wrote:
> > Hi, team.
> >
> > Apologies for duplication.
> >
> > > 213.33.116.41 53
> >
> > Bupkes on this one.
> >
> > > 216.199.83.203 80
> >
> > This appears to be a Windows XP box.
> >
> > > 213.23.243.210 443
> >
> > Bupkes on this one.
> >
> > Thanks,
> > Rob.
> > --
> > Rob Thomas
> > Team Cymru Research NFP
> > https://www.team-cymru.org/
> > cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list